diff --git a/src/libraries/Common/src/System/Net/SecurityProtocol.cs b/src/libraries/Common/src/System/Net/SecurityProtocol.cs
deleted file mode 100644
index cca3e0d16620cf..00000000000000
--- a/src/libraries/Common/src/System/Net/SecurityProtocol.cs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-
-using System.Security.Authentication;
-
-namespace System.Net
-{
- internal static class SecurityProtocol
- {
- public const SslProtocols DefaultSecurityProtocols =
-#if !NETSTANDARD2_0 && !NETSTANDARD2_1 && !NETFRAMEWORK
- SslProtocols.Tls13 |
-#endif
-#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
- SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
-#pragma warning restore SYSLIB0039
-
- public const SslProtocols SystemDefaultSecurityProtocols = SslProtocols.None;
- }
-}
diff --git a/src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj b/src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj
index 9e4f19ec066f65..3a60326bfb5614 100644
--- a/src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj
+++ b/src/libraries/System.Net.Http.WinHttpHandler/src/System.Net.Http.WinHttpHandler.csproj
@@ -64,8 +64,6 @@ System.Net.Http.WinHttpHandler
Link="Common\System\Net\HttpKnownHeaderNames.TryGetHeaderName.cs" />
-
-
-
-
s_http3ApplicationProtocols = new List() { SslApplicationProtocol.Http3 };
private static readonly List s_http2ApplicationProtocols = new List() { SslApplicationProtocol.Http2, SslApplicationProtocol.Http11 };
private static readonly List s_http2OnlyApplicationProtocols = new List() { SslApplicationProtocol.Http2 };
@@ -277,20 +276,6 @@ private static SslClientAuthenticationOptions ConstructSslOptions(HttpConnection
// Set TargetHost for SNI
sslOptions.TargetHost = sslHostName;
- // Windows 7 and Windows 2008 R2 support TLS 1.1 and 1.2, but for legacy reasons by default those protocols
- // are not enabled when a developer elects to use the system default. However, in .NET Core 2.0 and earlier,
- // HttpClientHandler would enable them, due to being a wrapper for WinHTTP, which enabled them. Both for
- // compatibility and because we prefer those higher protocols whenever possible, SocketsHttpHandler also
- // pretends they're part of the default when running on Win7/2008R2.
- if (s_isWindows7Or2008R2 && sslOptions.EnabledSslProtocols == SslProtocols.None)
- {
- if (NetEventSource.Log.IsEnabled())
- {
- NetEventSource.Info(poolManager, $"Win7OrWin2K8R2 platform, Changing default TLS protocols to {SecurityProtocol.DefaultSecurityProtocols}");
- }
- sslOptions.EnabledSslProtocols = SecurityProtocol.DefaultSecurityProtocols;
- }
-
return sslOptions;
}
@@ -1026,19 +1011,6 @@ public bool CleanCacheAndDisposeIfUnused()
return false;
}
- /// Gets whether we're running on Windows 7 or Windows 2008 R2.
- private static bool GetIsWindows7Or2008R2()
- {
- OperatingSystem os = Environment.OSVersion;
- if (os.Platform == PlatformID.Win32NT)
- {
- // Both Windows 7 and Windows 2008 R2 report version 6.1.
- Version v = os.Version;
- return v.Major == 6 && v.Minor == 1;
- }
- return false;
- }
-
// For diagnostic purposes
public override string ToString() =>
$"{nameof(HttpConnectionPool)} " +
diff --git a/src/libraries/System.Net.Http/tests/UnitTests/System.Net.Http.Unit.Tests.csproj b/src/libraries/System.Net.Http/tests/UnitTests/System.Net.Http.Unit.Tests.csproj
index 4483fe2bf0e479..c71216b138fa4b 100755
--- a/src/libraries/System.Net.Http/tests/UnitTests/System.Net.Http.Unit.Tests.csproj
+++ b/src/libraries/System.Net.Http/tests/UnitTests/System.Net.Http.Unit.Tests.csproj
@@ -35,8 +35,6 @@
Link="ProductionCode\Common\System\Net\Logging\NetEventSource.Common.cs" />
-
-
diff --git a/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj b/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj
index 888f2e47541314..03708443b2ea80 100644
--- a/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj
+++ b/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj
@@ -120,8 +120,6 @@
Link="Common\System\Net\Logging\NetEventSource.Common.cs" />
-
-
diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
index ecf71f7c0f5c97..50a09e13eba7b1 100644
--- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
@@ -98,8 +98,6 @@
-
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs
index 8ecde73420971e..5e7ccf90c0e714 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs
@@ -12,7 +12,7 @@ public class SslClientAuthenticationOptions
{
private EncryptionPolicy _encryptionPolicy = EncryptionPolicy.RequireEncryption;
private X509RevocationMode _checkCertificateRevocation = X509RevocationMode.NoCheck;
- private SslProtocols _enabledSslProtocols = SecurityProtocol.SystemDefaultSecurityProtocols;
+ private SslProtocols _enabledSslProtocols = SslProtocols.None;
private bool _allowRenegotiation = true;
private bool _allowTlsResume = true;
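Review bot: The new initializer `_enabledSslProtocols = SslProtocols.None` drops the intent that the removed `SystemDefaultSecurityProtocols` name carried. `None` reads as "no protocols enabled", while here it means the protocol versions are left to the operating system's TLS defaults. I would add a comment on the field, e.g. `// SslProtocols.None: defer protocol selection to the OS defaults rather than pinning versions here.` The same applies to the identical initializer in SslServerAuthenticationOptions and to the SslStream overloads in the later hunks that now pass the literal `SslProtocols.None`. Because this commit also removes the Win7/2008 R2 override in ConstructSslOptions, the protocol set offered by default appears to depend entirely on host configuration, which is worth stating where the default is set. The class body continues outside this hunk.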
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
index cc580f588db99f..cc082eaa04f7e6 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
@@ -10,7 +10,7 @@ namespace System.Net.Security
public class SslServerAuthenticationOptions
{
private X509RevocationMode _checkCertificateRevocation = X509RevocationMode.NoCheck;
- private SslProtocols _enabledSslProtocols = SecurityProtocol.SystemDefaultSecurityProtocols;
+ private SslProtocols _enabledSslProtocols = SslProtocols.None;
private EncryptionPolicy _encryptionPolicy = EncryptionPolicy.RequireEncryption;
private bool _allowRenegotiation;
private bool _allowTlsResume = true;
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs
index 96dae15afd7488..bcf2a5bf88d61f 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs
@@ -228,14 +228,14 @@ public SslStream(Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificat
//
public virtual IAsyncResult BeginAuthenticateAsClient(string targetHost, AsyncCallback? asyncCallback, object? asyncState)
{
- return BeginAuthenticateAsClient(targetHost, null, SecurityProtocol.SystemDefaultSecurityProtocols, false,
+ return BeginAuthenticateAsClient(targetHost, null, SslProtocols.None, false,
asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection? clientCertificates,
bool checkCertificateRevocation, AsyncCallback? asyncCallback, object? asyncState)
{
- return BeginAuthenticateAsClient(targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+ return BeginAuthenticateAsClient(targetHost, clientCertificates, SslProtocols.None, checkCertificateRevocation, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsClient(string targetHost, X509CertificateCollection? clientCertificates,
@@ -265,7 +265,7 @@ internal IAsyncResult BeginAuthenticateAsClient(SslClientAuthenticationOptions s
public virtual IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, AsyncCallback? asyncCallback, object? asyncState)
{
- return BeginAuthenticateAsServer(serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false,
+ return BeginAuthenticateAsServer(serverCertificate, false, SslProtocols.None, false,
asyncCallback,
asyncState);
}
@@ -273,7 +273,7 @@ public virtual IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCert
public virtual IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired,
bool checkCertificateRevocation, AsyncCallback? asyncCallback, object? asyncState)
{
- return BeginAuthenticateAsServer(serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+ return BeginAuthenticateAsServer(serverCertificate, clientCertificateRequired, SslProtocols.None, checkCertificateRevocation, asyncCallback, asyncState);
}
public virtual IAsyncResult BeginAuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired,
@@ -307,12 +307,12 @@ private IAsyncResult BeginAuthenticateAsServer(SslServerAuthenticationOptions ss
#region Synchronous methods
public virtual void AuthenticateAsClient(string targetHost)
{
- AuthenticateAsClient(targetHost, null, SecurityProtocol.SystemDefaultSecurityProtocols, false);
+ AuthenticateAsClient(targetHost, null, SslProtocols.None, false);
}
public virtual void AuthenticateAsClient(string targetHost, X509CertificateCollection? clientCertificates, bool checkCertificateRevocation)
{
- AuthenticateAsClient(targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+ AuthenticateAsClient(targetHost, clientCertificates, SslProtocols.None, checkCertificateRevocation);
}
public virtual void AuthenticateAsClient(string targetHost, X509CertificateCollection? clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
@@ -341,12 +341,12 @@ public void AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthent
public virtual void AuthenticateAsServer(X509Certificate serverCertificate)
{
- AuthenticateAsServer(serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
+ AuthenticateAsServer(serverCertificate, false, SslProtocols.None, false);
}
public virtual void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
{
- AuthenticateAsServer(serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+ AuthenticateAsServer(serverCertificate, clientCertificateRequired, SslProtocols.None, checkCertificateRevocation);
}
public virtual void AuthenticateAsServer(X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
@@ -375,7 +375,7 @@ public void AuthenticateAsServer(SslServerAuthenticationOptions sslServerAuthent
#region Task-based async public methods
public virtual Task AuthenticateAsClientAsync(string targetHost) => AuthenticateAsClientAsync(targetHost, null, false);
- public virtual Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection? clientCertificates, bool checkCertificateRevocation) => AuthenticateAsClientAsync(targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+ public virtual Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection? clientCertificates, bool checkCertificateRevocation) => AuthenticateAsClientAsync(targetHost, clientCertificates, SslProtocols.None, checkCertificateRevocation);
public virtual Task AuthenticateAsClientAsync(string targetHost, X509CertificateCollection? clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
{
@@ -401,7 +401,7 @@ public Task AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAu
}
public virtual Task AuthenticateAsServerAsync(X509Certificate serverCertificate) =>
- AuthenticateAsServerAsync(serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
+ AuthenticateAsServerAsync(serverCertificate, false, SslProtocols.None, false);
public virtual Task AuthenticateAsServerAsync(X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
{
diff --git a/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj b/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
index d35de6d843f3d6..580aa90dfb2087 100644
--- a/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
+++ b/src/libraries/System.Net.Security/tests/UnitTests/System.Net.Security.Unit.Tests.csproj
@@ -168,8 +168,6 @@
Link="ProductionCode\System\Net\SslStreamContext.cs" />
-